Barretenberg: src/barretenberg/goblin/merge_verifier.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Complete, auditors: [Sergei], commit: d1307bdee7f2ee0e737c19b77a26204a8dbafafc}

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once


#include "barretenberg/commitment_schemes/claim.hpp"

#include "barretenberg/commitment_schemes/kzg/kzg.hpp"

#include "barretenberg/honk/proof_system/types/proof.hpp"

#include "barretenberg/op_queue/ecc_op_queue.hpp"

#include "barretenberg/srs/global_crs.hpp"

#include "barretenberg/transcript/transcript.hpp"


namespace bb {


template <typename Curve> class MergeVerifier_ {

  public:

    using FF = typename Curve::ScalarField;

    using Commitment = typename Curve::AffineElement;

    using GroupElement = typename Curve::Element;

    using PCS = bb::KZG<Curve>;

    using PairingPoints =

        std::conditional_t<Curve::is_stdlib_type, stdlib::recursion::PairingPoints<Curve>, bb::PairingPoints<Curve>>;

    using Proof = std::vector<FF>; // Native: std::vector<bb::fr>, Recursive: stdlib::Proof<Builder>

    using Transcript = TranscriptFor_t<Curve>;


    // Number of columns that jointly constitute the op_queue, should be the same as the number of wires in the

    // MegaCircuitBuilder

    static constexpr size_t NUM_WIRES = MegaExecutionTraceBlocks::NUM_WIRES;

    static constexpr bool IsRecursive = Curve::is_stdlib_type;


    // Size of batch opening claim: [Q], [L₁..L₄], [R₁..R₄], [M₁..M₄], [G], [1]

    static constexpr size_t MERGE_BATCHED_CLAIM_SIZE = (3 * NUM_WIRES) + 3;


    using TableCommitments = std::array<Commitment, NUM_WIRES>; // Commitments to the subtables and the merged table


    struct InputCommitments {

        TableCommitments t_commitments;

        TableCommitments T_prev_commitments;

    };


    struct ReductionResult {

        PairingPoints pairing_points;

        TableCommitments merged_commitments;

        bool reduction_succeeded = false; // Aggregate of degree and concatenation checks

    };


    MergeSettings settings;

    std::shared_ptr<Transcript> transcript;


    explicit MergeVerifier_(const MergeSettings settings = MergeSettings::PREPEND,

                            std::shared_ptr<Transcript> transcript = std::make_shared<Transcript>())

        : settings(settings)

        , transcript(std::move(transcript))

    {}


    [[nodiscard("Verification result should be checked")]] ReductionResult reduce_to_pairing_check(

        const Proof& proof, const InputCommitments& input_commitments);


  private:


    std::vector<std::string> labels_degree_check = { "LEFT_TABLE_DEGREE_CHECK_0",

                                                     "LEFT_TABLE_DEGREE_CHECK_1",

                                                     "LEFT_TABLE_DEGREE_CHECK_2",

                                                     "LEFT_TABLE_DEGREE_CHECK_3" };


    std::vector<std::string> labels_shplonk_batching_challenges = {

        "SHPLONK_MERGE_BATCHING_CHALLENGE_0",  "SHPLONK_MERGE_BATCHING_CHALLENGE_1",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_2",  "SHPLONK_MERGE_BATCHING_CHALLENGE_3",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_4",  "SHPLONK_MERGE_BATCHING_CHALLENGE_5",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_6",  "SHPLONK_MERGE_BATCHING_CHALLENGE_7",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_8",  "SHPLONK_MERGE_BATCHING_CHALLENGE_9",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_10", "SHPLONK_MERGE_BATCHING_CHALLENGE_11",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_12"

    };


    bool check_concatenation_identities(std::vector<FF>& evals, const FF& pow_kappa) const;


    bool check_degree_identity(std::vector<FF>& evals,

                               const FF& pow_kappa_minus_one,

                               const std::vector<FF>& degree_check_challenges) const;


    BatchOpeningClaim<Curve> compute_shplonk_opening_claim(const std::vector<Commitment>& table_commitments,

                                                           const Commitment& shplonk_batched_quotient,

                                                           const FF& shplonk_opening_challenge,

                                                           const std::vector<FF>& shplonk_batching_challenges,

                                                           const FF& kappa,

                                                           const FF& kappa_inv,

                                                           const std::vector<FF>& evals) const;

};


// Type aliases for convenience

using MergeVerifier = MergeVerifier_<curve::BN254>;


namespace stdlib::recursion::goblin {

template <typename Builder> using MergeRecursiveVerifier = MergeVerifier_<bn254<Builder>>;

} // namespace stdlib::recursion::goblin


} // namespace bb

claim.hpp

bb::KZG
Definition kzg.hpp:22

bb::MegaExecutionTraceBlocks::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition mega_execution_trace.hpp:381

bb::MergeVerifier_
Unified verifier class for the Goblin ECC op queue transcript merge protocol.
Definition merge_verifier.hpp:23

bb::MergeVerifier_::IsRecursive
static constexpr bool IsRecursive
Definition merge_verifier.hpp:37

bb::MergeVerifier_::Commitment
typename Curve::AffineElement Commitment
Definition merge_verifier.hpp:26

bb::MergeVerifier_::FF
typename Curve::ScalarField FF
Definition merge_verifier.hpp:25

bb::MergeVerifier_::transcript
std::shared_ptr< Transcript > transcript
Definition merge_verifier.hpp:67

bb::MergeVerifier_::GroupElement
typename Curve::Element GroupElement
Definition merge_verifier.hpp:27

bb::MergeVerifier_::compute_shplonk_opening_claim
BatchOpeningClaim< Curve > compute_shplonk_opening_claim(const std::vector< Commitment > &table_commitments, const Commitment &shplonk_batched_quotient, const FF &shplonk_opening_challenge, const std::vector< FF > &shplonk_batching_challenges, const FF &kappa, const FF &kappa_inv, const std::vector< FF > &evals) const
Definition merge_verifier.cpp:55

bb::MergeVerifier_::Proof
std::vector< FF > Proof
Definition merge_verifier.hpp:31

bb::MergeVerifier_::Transcript
TranscriptFor_t< Curve > Transcript
Definition merge_verifier.hpp:32

bb::MergeVerifier_::MergeVerifier_
MergeVerifier_(const MergeSettings settings=MergeSettings::PREPEND, std::shared_ptr< Transcript > transcript=std::make_shared< Transcript >())
Definition merge_verifier.hpp:69

bb::MergeVerifier_::check_concatenation_identities
bool check_concatenation_identities(std::vector< FF > &evals, const FF &pow_kappa) const
Definition merge_verifier.cpp:16

bb::MergeVerifier_::PairingPoints
std::conditional_t< Curve::is_stdlib_type, stdlib::recursion::PairingPoints< Curve >, bb::PairingPoints< Curve > > PairingPoints
Definition merge_verifier.hpp:30

bb::MergeVerifier_::labels_degree_check
std::vector< std::string > labels_degree_check
Definition merge_verifier.hpp:96

bb::MergeVerifier_::MERGE_BATCHED_CLAIM_SIZE
static constexpr size_t MERGE_BATCHED_CLAIM_SIZE
Definition merge_verifier.hpp:40

bb::MergeVerifier_::check_degree_identity
bool check_degree_identity(std::vector< FF > &evals, const FF &pow_kappa_minus_one, const std::vector< FF > &degree_check_challenges) const
Definition merge_verifier.cpp:34

bb::MergeVerifier_::reduce_to_pairing_check
ReductionResult reduce_to_pairing_check(const Proof &proof, const InputCommitments &input_commitments)
Reduce the merge proof to a pairing check.
Definition merge_verifier.cpp:114

bb::MergeVerifier_::labels_shplonk_batching_challenges
std::vector< std::string > labels_shplonk_batching_challenges
Definition merge_verifier.hpp:101

bb::MergeVerifier_::TableCommitments
std::array< Commitment, NUM_WIRES > TableCommitments
Definition merge_verifier.hpp:42

bb::MergeVerifier_::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition merge_verifier.hpp:36

bb::MergeVerifier_::settings
MergeSettings settings
Definition merge_verifier.hpp:66

bb::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:24

bb::curve::Grumpkin::Element
typename Group::element Element
Definition grumpkin.hpp:62

bb::curve::Grumpkin::is_stdlib_type
static constexpr bool is_stdlib_type
Definition grumpkin.hpp:69

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:63

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:59

ecc_op_queue.hpp

global_crs.hpp

proof.hpp

kzg.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::MergeSettings
MergeSettings
The MergeSettings define whether an current subtable will be added at the beginning (PREPEND) or at t...
Definition ecc_ops_table.hpp:21

bb::PREPEND
@ PREPEND
Definition ecc_ops_table.hpp:21

bb::TranscriptFor_t
typename TranscriptFor< Curve >::type TranscriptFor_t
Definition transcript.hpp:517

std
STL namespace.

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

bb::BatchOpeningClaim
An accumulator consisting of the Shplonk evaluation challenge and vectors of commitments and scalars.
Definition claim.hpp:151

bb::MergeVerifier_::InputCommitments
Definition merge_verifier.hpp:50

bb::MergeVerifier_::InputCommitments::T_prev_commitments
TableCommitments T_prev_commitments
Definition merge_verifier.hpp:52

bb::MergeVerifier_::InputCommitments::t_commitments
TableCommitments t_commitments
Definition merge_verifier.hpp:51

bb::MergeVerifier_::ReductionResult
Result of merge verification.
Definition merge_verifier.hpp:60

bb::MergeVerifier_::ReductionResult::merged_commitments
TableCommitments merged_commitments
Definition merge_verifier.hpp:62

bb::MergeVerifier_::ReductionResult::pairing_points
PairingPoints pairing_points
Definition merge_verifier.hpp:61

bb::MergeVerifier_::ReductionResult::reduction_succeeded
bool reduction_succeeded
Definition merge_verifier.hpp:63

bb::field< bb::Bn254FrParams >

transcript.hpp